REC-000 Accepted 2026-07-03

About

Cloud Security Architect with 4+ years in architecture roles, plus a decade in retail banking and a logistics business in Lagos.

Senior Cloud Security Engineer · CISSP, CCSP, CISM, ISSAP, GCP-PCA

New York, NY · Open to Remote

LinkedIn · GitHub

I design cloud security architecture for regulated industries, mostly financial services, with GCP, Zero Trust, and compliance-as-code. I have 4+ years in architecture-titled roles, plus a decade in retail banking and a few years running my own logistics business in Lagos.

I own architecture decisions, map controls to PCI DSS, SOC 2, and NIST 800-53, and run adversarial review cycles. I do not write every line of code, but I direct the build, catch the gaps, and sign off on what ships.

What I do

Career

Enterprise Architect — Go Cloud Careers
Sep 2024 – Present (Contract, Remote)

Cloud Vulnerability Engineer — LOG(N) Pacific
Sep 2023 – Aug 2024 (Contract, Remote)

Cloud Security Architect — ATBOD
Sep 2022 – Aug 2023 (Full-time, New Jersey)

Founder & Managing Director — Bloominglo Limited
2017 – 2021 (Lagos, Nigeria)

Senior Retail Banking Officer — First Bank of Nigeria
Feb 2008 – Jun 2017 (Full-time, Lagos, Nigeria)

IT Help Desk Officer — British American Tobacco
Apr 2006 – Feb 2008 (Contract, Ibadan, Nigeria)

Case studies

Compliance-as-code: OPA/Rego policy pipeline

Problem: A financial services client needed to prove PCI DSS v4.0, SOC 2, and NIST 800-53 compliance without manual audit trails. Controls were documented in spreadsheets; enforcement was inconsistent.

Solution: I architected an OPA/Rego policy repository with automated control mapping. I defined which controls were machine-enforceable, wrote the policy logic, and set up a GitHub Actions CI pipeline with Conftest to block non-compliant infrastructure before it merged.

Outcome: 50/50 passing OPA unit tests. All three CI jobs green. Four rounds of adversarial review caught 27+ defects before release. The pipeline became the audit evidence — not a spreadsheet.

View on GitHub

GCP Zero Trust access broker for lending operations

Problem: A bank’s loan officers needed time-bound, just-in-time access to sensitive customer data. Standing access violated least-privilege principles and created audit risk.

Solution: I designed a GCP-native JIT access broker using Cloud Functions, IAM conditional bindings, and audit logging. Access requests route through an approval workflow; grants expire automatically; every action is logged to BigQuery for audit.

Outcome: Eliminated standing privileged access for loan officers. Audit trail is queryable in real time. Architecture is documented with ADRs and ready for production hardening.

View on GitHub

SecureVault: GCP Security Command Center alerting

Problem: Security Command Center findings were sitting unread. The client had no automated alerting for high-risk misconfigurations like public buckets or open firewalls.

Solution: I built a lightweight pipeline: SCC SHA findings → Pub/Sub → Cloud Function → email alerts. Targeted specific high-severity findings. Kept costs under $5/month using free tiers.

Outcome: Automated alerting for PUBLIC_BUCKET_ACL, OPEN_FIREWALL, and OVER_PRIVILEGED_SERVICE_ACCOUNT. Zero manual monitoring overhead. CI/CD green.

View on GitHub

Selected writing

Certifications

Technical skills

Education

BTech, Computer Science — Ladoke Akintola University of Technology (LAUTECH), 1998–2004

Last updated: July 2026